Thanks a ton. After setting ciphers to aNULL, my program worked. Thanks again.
----- Original Message ----
From: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>
To: openssl-users@openssl.org
Sent: Thursday, January 17, 2008 8:47:01 PM
Subject: Re: Got error on TLSv1 handshake when server is not sending its certificate to client

Hello,

> I have written a simple client-server program in which I am trying to communicate
> between client and server using SSL by setting peer authentication OFF on both sides.
>
> When I don't set any certificates on server side, I am getting this error s3_srvr.c
> (985): 41153: no shared cipher
>
> If I set certificate on server side, it is working fine.
>
> I have read TLSv1 RFC2246, in 7.3 section, they have given server sending its
> certificate is optional.
>
> So, is it a restriction/limitation on openssl side? Or am I making a mistake? I tried
> to look for similar problems in openssl mail archive, but could not find any.

This is because anonymous ciphers are disabled by default.
You may test this with:

  $ openssl s_server -nocert
  $ openssl s_client

This will give you no shared cipher.
But if you enable anonymous ciphers:

  $ openssl s_server -nocert -cipher aNULL
  $ openssl s_client -cipher aNULL

the connection will be established properly.
Of course the commands:

  $ openssl s_server -nocert -cipher ALL
  $ openssl s_client -cipher ALL

work too.

Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>
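
Added example, not part of the original thread: a small audit that reports whether a cipher string, such as the `aNULL` and `ALL` strings used above, enables suites that `openssl ciphers -v` lists with `Au=None`, which are the ones a server can negotiate without a certificate. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# Read `openssl ciphers -v` output on stdin and print the name of every
# suite whose authentication column is Au=None (anonymous key exchange).
anon_suites() {
    awk '{ for (i = 2; i <= NF; i++) if ($i == "Au=None") { print $1; break } }'
}

# Expand a cipher string with the local openssl binary and audit it.
# Returns 0: no anonymous suite, 1: at least one, 2: openssl rejected the string.
audit_cipher_string() {
    listing=$(openssl ciphers -v "$1" 2>/dev/null) || return 2
    found=$(printf '%s\n' "$listing" | anon_suites)
    [ -z "$found" ] && return 0
    printf 'cipher string "%s" enables anonymous suites:\n%s\n' "$1" "$found" >&2
    return 1
}

# Constructed sample in the column layout of `openssl ciphers -v`, so the
# filter can be exercised without an openssl binary.
sample_listing() {
    cat <<'EOF'
TLS_AES_256_GCM_SHA384         TLSv1.3 Kx=any      Au=any   Enc=AESGCM(256)  Mac=AEAD
ECDHE-RSA-AES256-GCM-SHA384    TLSv1.2 Kx=ECDH     Au=RSA   Enc=AESGCM(256)  Mac=AEAD
ADH-AES256-GCM-SHA384          TLSv1.2 Kx=DH       Au=None  Enc=AESGCM(256)  Mac=AEAD
AECDH-AES128-SHA               TLSv1   Kx=ECDH     Au=None  Enc=AES(128)     Mac=SHA1
AES128-SHA                     SSLv3   Kx=RSA      Au=RSA   Enc=AES(128)     Mac=SHA1
EOF
}

# With an argument, audit that cipher string: sh audit.sh 'ALL'
[ $# -eq 0 ] || audit_cipher_string "$1"
```

Running `sample_listing | anon_suites` prints the two `Au=None` suite names; `audit_cipher_string` does the same against whatever the installed OpenSSL expands the given string to.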